Chkuser 2.0 - running qmail-smtpd


qmail-smtpd executes as a qmail dedicated user, communicating on the external SMTP side using a socket connection, and talking to the internal processing section using a pipe.

This architecture is very secure, as qmail-smtpd is allowed to read/write only what it owns (practically nothing), and, the eventual break of qmail-smtpd by a cracker would have a minimal impact on the safety of the system.

chkuser running behaviours

Checking of recipients may be done only if qmail-smtpd server is allowed to enquiry and read the existing qmail/vpopmail databases and structures.

This mainly means qmail-smtpd, either:

  • should run as vpopmail user, in order to enquiry and read vpopmail users, aliases, mailing lists, control files, etc.
  • should run as usual, switching to vpopmail UID and GID, whenever it needs to perform its checking actions.

Given the fact qmail-smtpd is incredibly robust, running it one or the other way is matter of personal behaviour and preference.

Only exception to the previous said is UID and GID switching are incompatible with TLS patches (like the one in toaster-0.6-1), as these patches want to run under a unique UID/GID.

So, usage of TLS patches requires qmail-smtpd running as fixed user.

Enabling UID/GID switching code

chkuser has a dedicated define (#define CHKUSER_ENABLE_UIDGID) to enable compilation of UID/GID switching code. This define must exist, uncommented, if you are going to run qmail-smtpd with UID/GID switching.

When running qmail-smtpd as fixed user, usage of this #define is optional. If #define is enabled, UID/GID switching will be done between the same user; you may just comment out this #define for code optimization.